Blippy.com exposes users’ credit and debit card numbers in security breach
This article was originally on a blog post platform and may be missing photos, graphics or links. See About archive blog posts.
August Capital partner David Hornik just announced on Blippy.com that he ponied up $8 million to lead a second round of funding for the controversial new website that shares credit card and online purchases with friends on the Web. The $11.2-million funding round followed an initial $1.6-million angel round in January.
Venture capitalists buy into risk. But Blippy.com users just got more risk than they bargained for.
Nearly 200 credit card transactions -- including credit card numbers -- shared on Blippy.com have been exposed and can be found in Google search results. Each result displayed that there was a debit or credit card transaction, the amount spent, the location and full card number.
The backlash was swift from the least risk adverse crowd we know: fellow techies.
Ryan Block on Twitter wrote: “Well, I’ll never be using Blippy again: full, exposed CC numbers with personal ID data. Unreal.”
Laurence Toney wrote: “Not the way to get people over the concern of security.”
And technology blog Mashable delivered this recommendation: “Given the breach, we suggest that Blippy users who have authorized the site to access their debit or credit transactions take immediate action to revoke access.”
We’ve asked Blippy.com founder Philip Kaplan for comment. We’ll let you know. In the meantime, you can read our article about Blippy.com here.
[Updated 11:19 a.m.: Kaplan acknowledged the breach Friday. He said it was an isolated incident involving four users.
“While it looks super scary and certainly [is unfortunate] for those few people who were affected, and is embarrassing to us, it’s a lot less bad than it looks,” Kaplan said in a blog post. “We’re making efforts to bolster our security to ensure that nothing like this ever happens again.”]
-- Jessica Guynn